Fortinet Releases Multiple Security Updates

Updates address 2 High, 4 Medium, and 3 Low severity vulnerabilities in FortiADC, FortiOS, FortiProxy, and FortiNAC

Threat ID:: CC-4316
Threat Severity:: Information only
Published:: 5 May 2023 1:56 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Updates address 2 High, 4 Medium, and 3 Low severity vulnerabilities in FortiADC, FortiOS, FortiProxy, and FortiNAC

Affected platforms

The following platforms are known to be affected:

Fortinet FortiADC (Application Delivery Controllers)

Fortinet FortiOS

Fortinet FortiProxy

FortiNAC

Threat details

Introduction

Fortinet has released security updates to address 2 High, 4 Medium, and 3 Low severity vulnerabilities in FortiADC, FortiOS, FortiProxy, and FortiNAC. The High severity vulnerabilities include a command injection vulnerability for FortiADC, known as CVE-2023-27999, and an out-of-bounds write vulnerability in FortiOS and FortiProxy, known as CVE-2023-22640. An authenticated attacker could exploit these vulnerabilities to execute unauthorised commands or achieve arbitrary code execution.

Remediation advice

Affected organisations are encouraged to review Fortinet's FortiGuard Labs PSIRT Advisories and apply the relevant updates.

Remediation steps

Type	Step
Patch	FortiADC - Command injection in external resource module \| FG-IR-22-297 https://www.fortiguard.com/psirt/FG-IR-22-297
Patch	FortiOS & FortiProxy - Out-of-bound-write in sslvpnd \| FG-IR-22-475 https://www.fortiguard.com/psirt/FG-IR-22-475
Patch	FortiADC - Path traversal vulnerability in CLI \| FG-IR-23-069 https://www.fortiguard.com/psirt/FG-IR-23-069
Patch	FortiNAC - Stored XSS triggering RCE via license key forgery \| FG-IR-23-013 https://www.fortiguard.com/psirt/FG-IR-23-013
Patch	FortiNAC - Weak authentication mechanism on device registration page \| FG-IR-22-464 https://www.fortiguard.com/psirt/FG-IR-22-464
Patch	FortiNAC - database harcoded credentials \| FG-IR-22-520 https://www.fortiguard.com/psirt/FG-IR-22-520
Patch	FortiNAC - SSH Weak Key Exchange Algorithm \| FG-IR-22-452 https://www.fortiguard.com/psirt/FG-IR-22-452
Patch	FortiNAC - Weak password hashing method in /etc/shadow \| FG-IR-22-456 https://www.fortiguard.com/psirt/FG-IR-22-456
Patch	FortiNAC - open redirect in defaultUrl parameter \| FG-IR-22-407 https://www.fortiguard.com/psirt/FG-IR-22-407

Definitive source of threat updates

https://www.fortiguard.com/psirt

CVE Vulnerabilities

Status Published

CVE-2023-27999

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 7.2.0, 7.1.0 through 7.1.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.

Status Published

CVE-2023-22640

A out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through 6.4.11, FortiOS version 6.2.0 through 6.2.13, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.1, FortiProxy version 7.0.0 through 7.0.7, FortiProxy all versions 2.0, FortiProxy all versions 1.2, FortiProxy all versions 1.1, FortiProxy all versions 1.0 allows an authenticated attacker to execute unauthorized code or commands via specifically crafted requests.

Status Published

CVE-2023-27993

A relative path traversal [CWE-23] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a privileged attacker to delete arbitrary directories from the underlying file system via crafted CLI commands.

Status Published

CVE-2023-22637

An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in License Management would permit an authenticated attacker to trigger remote code execution via crafted licenses.

Status Published

CVE-2022-45860

A weak authentication vulnerability [CWE-1390] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in device registration page may allow an unauthenticated attacker to perform password spraying attacks with an increased chance of success.

Status Published

CVE-2023-26203

A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access to the database via shell commands.

Status Published

CVE-2022-45858

A use of a weak cryptographic algorithm vulnerability [CWE-327] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.0 all versions, 8.8.0 all versions, 8.7.0 all versions may increase the chances of an attacker to have access to sensitive information or to perform man-in-the-middle attacks.

Status Published

CVE-2022-45859

An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow a local attacker with system access to retrieve users' passwords.

Status Published

CVE-2022-43950

A URL redirection to untrusted site ('Open Redirect') vulnerability [CWE-601] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.1 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an unauthenticated attacker to redirect users to any arbitrary website via a crafted URL.

Last edited: 5 May 2023 1:56 pm